Skill v1.0.2
ClawScan security
Valiron · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 25, 2026, 3:47 PM)
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and declared credential needs align with a payment-interceptor/trust-gate purpose; I found no requests or installs that are disproportionate or unrelated to that purpose.
- Guidance
- This skill appears coherent and focused on adding a trust gate before outgoing payments. Before installing: (1) verify the provenance of the @valiron/sdk npm package and review its upstream source; (2) store VALIRON_API_KEY and other secrets in a secrets manager (do not hardcode); (3) review and test your decision policy JSON and the provided validator locally to ensure it enforces your intended limits; (4) pick conservative fallback modes (fail-closed) for high-value flows and test fail-open behavior in a sandbox; (5) confirm logging/audit configuration redacts secrets as recommended. If you need higher assurance, review the actual @valiron/sdk runtime behavior (network endpoints, telemetry) and run the validator on representative policy files.
Review Dimensions
- Purpose & Capability
- ok: Name/description (payment interception using Valiron trust decisions) match the included source and runtime instructions. The primary credential (VALIRON_API_KEY) and references to @valiron/sdk and payment rail libraries are appropriate for this functionality. The SKILL.md also documents optional env vars (VALIRON_BASE_URL, VALIRON_TIMEOUT_MS), which are reasonable though not listed under required env vars in the registry metadata.
- Instruction Scope
- ok: SKILL.md confines runtime actions to extracting counterparty identity, calling the Valiron SDK (checkAgent/getWalletProfile), applying a policy, and enforcing spend controls; it does not instruct broad system scans, exfiltration, or access to unrelated secrets. The included policy validator enforces sane path rules (no absolute paths, no path traversal) and file size limits. Logging/audit guidance includes redaction guidance.
- Install Mechanism
- ok: No install spec or remote downloads are present (instruction-only plus two local code files). There are no URLs or archive extraction steps. Dependencies referenced (e.g., @valiron/sdk) are typical npm packages for this use case; the skill does not attempt to fetch arbitrary code at runtime.
- Credentials
- ok: Only VALIRON_API_KEY is declared as the primary credential; SKILL.md explains that the API key is optional in some deployments and lists additional optional env vars for configuring endpoint and timeouts. No unrelated credentials or broad secrets are requested.
- Persistence & Privilege
- ok: always is false and the skill does not request persistent system-wide privileges or attempt to modify other skills. It instructs normal startup validation and policy checks but does not assert elevated platform presence.
